RE: [saag] Re:

["Hannes Tschofenig" <Hannes.Tschofenig@mchp.siemens.de>]

hi

what do you mean by "in terms of addressing"?

my understanding of rsvp is:
rsvp travels hop-by-hop (rsvp capable nodes) from one end-point to an other
(except if you use some rsvp extensions like rsvp proxy etc.). hence "RSVP
is end-to-end in one direction (sender->receiver)" confuses me somehow. the
security for rsvp is build on hop-by-hop security based on a chain-of-trust.

ciao
hannes


> -----Original Message-----
> From: owner-ipsec@lists.tislabs.com
> [mailto:owner-ipsec@lists.tislabs.com]On Behalf Of Melinda Shore
> Sent: Saturday, May 25, 2002 5:18 PM
> To: RJ Atkinson; Derek Atkins
> Cc: SatishK Amara; dong_wei@tsinghua.com; IPsec;
> Security_Area_Advisory_Group
> Subject: Re: [saag] Re:
>
>
> At 10:53 AM 5/25/02 -0400, RJ Atkinson wrote:
> >Hmm.  I would rather say that RSVP is hop-by-hop and
> >that (normally) AH/ESP are end-to-end.
>
> In terms of addressing, RSVP is end-to-end in one
> direction (sender->receiver) and hop-by-hop in the
> other (receiver->sender).
>
> >However, if one used (for example) AH with an asymmetric algorithm,
> >one could perform hop-by-hop authentication of the
> >packet with AH.  This has obvious computational cost
> >issues so might not be the best choice.
>
> The packet payload is going to be modified at each hop,
> as well, in both directions.
>
> Melinda